Re: Find out the subnetting of a company
From: Tony Carter (tcarter_at_entrusion.com)
Date: 07/22/04
- Previous message: David M. Zendzian: "Re: Find out the subnetting of a company"
- In reply to: David M. Zendzian: "Re: Find out the subnetting of a company"
- Next in thread: Martin Mačok: "Re: Find out the subnetting of a company"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Jul 2004 20:44:56 -0400
To: "David M. Zendzian" <dmz@dmzs.com>
ICMP type 18, Address mask reply message is generated in response to
an ICMP type 17, Address mask request message.
ICMPush at packetstorm or http://www.angio.net/security/icmpquery.c
-Tony
On Jul 20, 2004, at 12:53 PM, David M. Zendzian wrote:
> Isn't there some icmp or ip based packet that can be sent to most
> devices querying the subnet they are in? I am on vacation with only
> blackberry and can't google it, but someone out there must be familiar
> with that??
> -----Original Message-----
> From: "Dieter Sarrazyn" <dsr@ascure.com>
> Date: Tue, 20 Jul 2004 08:38:42
> To:<il.prof@virgilio.it>, <pen-test@securityfocus.com>
> Subject: RE: Find out the subnetting of a company
>
> Hi,
>
> You can find lots of the subnet structure with ping & traceroute scans
> already. First, you can use the ping functionality of nmap (nmap -sP)
> which should give you information about network and broadcast
> addresses.
> If you found these parts, you already know how the subnetting is done.
> With traceroute, you'll find out how these subnets are connected to
> each other.
>
> Of course, if there's a router that has snmp enabled, try to find one of
> the community strings & dump the routing table of this router...
>
> Hope this helps.
>
> regards,
> Dieter
>
>> -----Original Message-----
>> From: il.prof@virgilio.it [mailto:il.prof@virgilio.it]
>> Sent: donderdag 15 juli 2004 10:17
>> To: pen-test@securityfocus.com
>> Subject: Find out the subnetting of a company
>>
>> During an internal black-box penetration test, from a subnet
>> of a company (with or without DHCP), how do you find out the
>> structure of the other subnets of network? In particular, how
>> do you determine/discover the subnetting of the IP space of a company?
>>
>> An example:
>>
>> - IP network of the company XYZ: 10.0.0.0/8 (I use a private
>> class to avoid the use of a real address space)
>> - I'm in the subnet 10.0.0.0/24
>>
>> How do you find out the structure of other subnets that are
>> part of the network 10.0.0.0/8?
>>
>> Il Prof.
>>
>>
>>
>>
>
>
>
> /--------------------------------------\
> David M. Zendzian * dmz@dmzs.com
> (415) 867-7812 - phone
> -------------
> Imagination is greater than knowledge * Albert Einstein
> Every day is a good day, whether you like it or not! *
>
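
Added example, not part of the original thread: decoding the ICMP type 17 and type 18 messages described above, as a sensor or packet-capture review would, using the RFC 950 layout (type, code, checksum, identifier, sequence, 32-bit mask). The function names are this example's own and the sample byte strings are constructed, not captured traffic.

```python
import ipaddress
import struct

ADDR_MASK_REQUEST, ADDR_MASK_REPLY = 17, 18  # ICMP types named in the post

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def prefix_len(mask: int):
    """Prefix length of a contiguous mask, or None if the mask has holes."""
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # host bits must be one run of trailing 1s
        return None
    return 32 - host_bits.bit_length()

def decode_addr_mask(icmp: bytes):
    """Decode an ICMP message (IP header already stripped).
    Returns None unless it is an address mask request or reply."""
    if len(icmp) < 12:
        return None
    mtype, _code, _cksum, ident, seq, mask = struct.unpack("!BBHHHI", icmp[:12])
    if mtype not in (ADDR_MASK_REQUEST, ADDR_MASK_REPLY):
        return None
    return {
        "kind": "request" if mtype == ADDR_MASK_REQUEST else "reply",
        "checksum_ok": inet_checksum(icmp) == 0,  # a valid message sums to zero
        "id": ident,
        "seq": seq,
        "mask": str(ipaddress.IPv4Address(mask)),
        "prefix": prefix_len(mask),
    }

# Constructed sample messages (not captured traffic).
SAMPLES = {
    "request": bytes.fromhex("1100dcca1234000100000000"),
    "reply /24": bytes.fromhex("1200dcc912340001ffffff00"),
    "reply, bad checksum": bytes.fromhex("1200dcc912340001ffffff80"),
    "echo request": bytes.fromhex("080000001234000100000000"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} -> {decode_addr_mask(raw)}")
```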